[ubuntu/trusty-updates] libxml2 2.9.1+dfsg1-3ubuntu4.9 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Mar 16 11:58:14 UTC 2017
libxml2 (2.9.1+dfsg1-3ubuntu4.9) trusty-security; urgency=medium
  * SECURITY UPDATE: format string vulnerabilities
    - debian/patches/CVE-2016-4448-1.patch: fix format string warnings in
      HTMLparser.c, SAX2.c, catalog.c, configure.in, debugXML.c,
      encoding.c, entities.c, error.c, include/libxml/parserInternals.h,
      include/libxml/xmlerror.h, include/libxml/xmlstring.h, libxml.h,
      parser.c, parserInternals.c, relaxng.c, schematron.c, testModule.c,
      valid.c, xinclude.c, xmlIO.c, xmllint.c, xmlreader.c, xmlschemas.c,
      xmlstring.c, xmlwriter.c, xpath.c, xpointer.c.
    - debian/patches/CVE-2016-4448-2.patch: fix format string warnings in
      libxml.h, relaxng.c, xmlschemas.c, xmlstring.c.
    - debian/patches/CVE-2016-4448-3.patch: fix build on pre-C99 compilers
      in relaxng.c, xmlschemas.c.
    - debian/libxml2.symbols: added new symbol.
    - CVE-2016-4448
  * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges
    - debian/patches/CVE-2016-4658.patch: disallow namespace nodes in
      XPointer ranges in xpointer.c.
    - CVE-2016-4658
  * SECURITY UPDATE: use-after-free in XPointer range-to function
    - debian/patches/CVE-2016-5131-1.patch: fix XPointer paths beginning
      with range-to in xpath.c, xpointer.c.
    - debian/patches/CVE-2016-5131-2.patch: fix comparison with root node
      in xmlXPathCmpNodes in xpath.c.
    - CVE-2016-5131
Date: 2017-03-15 14:58:37.499491+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.9